ci starts bisection 2024-07-31 21:46:40.435475403 +0000 UTC m=+12658.173273771
bisecting fixing commit since 0106679839f7c69632b3b9833c3268c316c0a9fc
building syzkaller on 3ba885bcb66dec1678d8842ddeb6805786d32a3f
ensuring issue is reproducible on original commit 0106679839f7c69632b3b9833c3268c316c0a9fc
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f6f185736cfe0112ed5c15f4d4ec2889ed63785af811c10b25ef3cdd2d9b2280
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f999217444b5076bd819857f9fbadbbbf78f992914890478de8a0233ff8b4fa6
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4005 full=8010 leaves diff=2006
split chunks (needed=false): <2006>
split chunk #0 of len 2006 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a607848902e5c3e38b10d6073cf7bbfbd195386d7fda407f6555023d96156d12
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 550a31e12d59264c5917a920efaf889f173c3e6a0fdedd2dc72a6975e78a7340
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f27823b577b14e098d9e8721922ad59b5910b65528fe4c90bf08abf6d5672348
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d9ea2e44db9881513271431aa896e9890efcc12abd3edf97fb3f9a16bda23783
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 49d51b61f0afa5061f083c352a517cfc35226be695ee1289c8090bfedce6a34a
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
the chunk can be dropped
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD 21b136cc63d2a9ddd60d4699552b69c214b32964
testing commit 21b136cc63d2a9ddd60d4699552b69c214b32964 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ba59e3ad7fe6ce49c03816517de430723e28e5348b14999ed3529917061c86f
all runs: OK
false negative chance: 0.000
# git bisect start 21b136cc63d2a9ddd60d4699552b69c214b32964 0106679839f7c69632b3b9833c3268c316c0a9fc
Bisecting: 14023 revisions left to test after this (roughly 14 steps)
[ffdf504cab55743ad55961afae41ad4a079e74bb] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit ffdf504cab55743ad55961afae41ad4a079e74bb gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1bc7b23b1f855f84c189809ebc37907cddbc583c5599c2c581a860848167e70b
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good ffdf504cab55743ad55961afae41ad4a079e74bb
Bisecting: 7509 revisions left to test after this (roughly 13 steps)
[280e36f0d5b997173d014c07484c03a7f7750668] nsfs: use cleanup guard
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 280e36f0d5b997173d014c07484c03a7f7750668 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e7a226ffd55fbccd28ba0f144b52bdb22657e3cbea39645d4b090903d5cc6d4f
all runs: OK
false negative chance: 0.000
# git bisect bad 280e36f0d5b997173d014c07484c03a7f7750668
Bisecting: 3248 revisions left to test after this (roughly 12 steps)
[a9a4cd9c3397109c2799cb765ab0d3959831a248] Merge tag 'soc-defconfig-6.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit a9a4cd9c3397109c2799cb765ab0d3959831a248 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 85b494669474abc3c7b37f48faafb8f8b14e4af33348627057501eb01feb46d0
all runs: OK
false negative chance: 0.000
# git bisect bad a9a4cd9c3397109c2799cb765ab0d3959831a248
Bisecting: 1631 revisions left to test after this (roughly 11 steps)
[c89d780cc195a63dcd9c3d2fc239308b3920a9a1] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit c89d780cc195a63dcd9c3d2fc239308b3920a9a1 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0358b1e1c2337ba3225b68455e54915ae1abdfc2fc1b416d41d1db960079a819
all runs: OK
false negative chance: 0.000
# git bisect bad c89d780cc195a63dcd9c3d2fc239308b3920a9a1
Bisecting: 810 revisions left to test after this (roughly 10 steps)
[83ab4b461eb7bdf90984eb56d4954dbe11e926d4] Merge tag 'vfs-6.10-rc8.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 83ab4b461eb7bdf90984eb56d4954dbe11e926d4 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f4c4f1b2755ddd4852258775eac94c4af61449ddb970e460b0d61303b827e6f3
all runs: OK
false negative chance: 0.000
# git bisect bad 83ab4b461eb7bdf90984eb56d4954dbe11e926d4
Bisecting: 410 revisions left to test after this (roughly 9 steps)
[921863fd9fe2a7d43437607fedfc7d1780e54acd] Merge tag 'platform-drivers-x86-v6.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 921863fd9fe2a7d43437607fedfc7d1780e54acd gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 75c22fecd7df021dbe344f54ef86fc8187c4b04663cdc98006b0780128f14f05
all runs: OK
false negative chance: 0.000
# git bisect bad 921863fd9fe2a7d43437607fedfc7d1780e54acd
Bisecting: 188 revisions left to test after this (roughly 8 steps)
[3c1d29e53d34537063e60f5eafe0482780a1735a] Merge tag 'sound-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 3c1d29e53d34537063e60f5eafe0482780a1735a gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1f7311daeca113d28e89d53513f19735c57c69fcd3194b4f7b0a5ddd32ae8bf6
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good 3c1d29e53d34537063e60f5eafe0482780a1735a
Bisecting: 93 revisions left to test after this (roughly 7 steps)
[6d6444ba82053c716fb5ac83346202659023044e] Merge tag 's390-6.10-7' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
determine whether the revision contains the guilty commit
revision 3c1d29e53d34537063e60f5eafe0482780a1735a crashed and is reachable
testing commit 6d6444ba82053c716fb5ac83346202659023044e gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eab5ce6d8e56edfee4f907dbd848071b9e2d0a4071a9a8c4ff70fcceed54e843
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good 6d6444ba82053c716fb5ac83346202659023044e
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[a2316dda071fa651c40dd322110081d489651c07] Merge tag 'iommu-fixes-v6.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit a2316dda071fa651c40dd322110081d489651c07 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 83527849bad6a615ddfba76adcfdd3c0aba9b21d32ec868e00b0debe82547c60
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good a2316dda071fa651c40dd322110081d489651c07
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[6c0483dbfe7223f2b8390e3d5fe942629d3317b7] Merge tag 'nfsd-6.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
determine whether the revision contains the guilty commit
revision 6d6444ba82053c716fb5ac83346202659023044e crashed and is reachable
testing commit 6c0483dbfe7223f2b8390e3d5fe942629d3317b7 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a96bedf36edb71e1cada98131587430bfb254fceeaacdfb7bea56e14946dc941
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good 6c0483dbfe7223f2b8390e3d5fe942629d3317b7
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[de0a9f4486337d0eabacc23bd67ff73146eacdc0] Merge tag 'riscv-for-linus-6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit de0a9f4486337d0eabacc23bd67ff73146eacdc0 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a740c0d553f5e73231694fe5811dc028c5f51374c565339eb249774d78b672af
all runs: OK
false negative chance: 0.000
# git bisect bad de0a9f4486337d0eabacc23bd67ff73146eacdc0
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b75f94727023c9d362eb875609dcc71a88a67480] Merge tag 'hardening-v6.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
determine whether the revision contains the guilty commit
revision 3c1d29e53d34537063e60f5eafe0482780a1735a crashed and is reachable
testing commit b75f94727023c9d362eb875609dcc71a88a67480 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b768cd09ee6c0fadfc6c37fc9d05c5641286f0a37d993bc83e5e939aa995563f
all runs: OK
false negative chance: 0.000
# git bisect bad b75f94727023c9d362eb875609dcc71a88a67480
Bisecting: 2 revisions left to test after this (roughly 1 step)
[6db1208bf95b4c091897b597c415e11edeab2e2d] randomize_kstack: Remove non-functional per-arch entropy filtering
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 6db1208bf95b4c091897b597c415e11edeab2e2d gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6a38aca65f7aef33b6d3cbe208954a10ca922b63c92b26f2f284d5d701923ab6
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good 6db1208bf95b4c091897b597c415e11edeab2e2d
Bisecting: 1 revision left to test after this (roughly 1 step)
[1c07c9be87dd3dd0634033bf08728b32465f08fb] tty: mxser: Remove __counted_by from mxser_board.ports[]
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 1c07c9be87dd3dd0634033bf08728b32465f08fb gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f13d0f88ceae0868a3c44f2dae17f0a5c5ed23ff2bac21f03973e0d6ab08eedf
all runs: crashed: KASAN: stack-out-of-bounds Read in profile_pc
representative crash: KASAN: stack-out-of-bounds Read in profile_pc, types: [KASAN]
# git bisect good 1c07c9be87dd3dd0634033bf08728b32465f08fb
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[093d9603b60093a9aaae942db56107f6432a5dca] x86: stop playing stack games in profile_pc()
determine whether the revision contains the guilty commit
revision 0106679839f7c69632b3b9833c3268c316c0a9fc crashed and is reachable
testing commit 093d9603b60093a9aaae942db56107f6432a5dca gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 40e02406ea7c3adb397b2e2d411cfb5d31feac798bb0f17fa37744cbfdb91dbb
all runs: OK
false negative chance: 0.000
# git bisect bad 093d9603b60093a9aaae942db56107f6432a5dca
093d9603b60093a9aaae942db56107f6432a5dca is the first bad commit
commit 093d9603b60093a9aaae942db56107f6432a5dca
Author: Linus Torvalds
Date:   Fri Jun 28 14:27:22 2024 -0700

    x86: stop playing stack games in profile_pc()

    The 'profile_pc()' function is used for timer-based profiling, which
    isn't really all that relevant any more to begin with, but it also ends
    up making assumptions based on the stack layout that aren't necessarily
    valid.

    Basically, the code tries to account the time spent in spinlocks to the
    caller rather than the spinlock, and while I support that as a concept,
    it's not worth the code complexity or the KASAN warnings when no serious
    profiling is done using timers anyway these days.

    And the code really does depend on stack layout that is only true in
    the simplest of cases.  We've lost the comment at some point (I think
    when the 32-bit and 64-bit code was unified), but it used to say:

        Assume the lock function has either no stack frame or a copy of
        eflags from PUSHF.

    which explains why it just blindly loads a word or two straight off the
    stack pointer and then takes a minimal look at the values to just check
    if they might be eflags or the return pc:

        Eflags always has bits 22 and up cleared unlike kernel addresses

    but that basic stack layout assumption assumes that there isn't any lock
    debugging etc going on that would complicate the code and cause a stack
    frame.

    It causes KASAN unhappiness reported for years by syzkaller [1] and
    others [2].

    With no real practical reason for this any more, just remove the code.

    Just for historical interest, here's some background commits relating
    to this code from 2006:

      0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels")
      31679f38d886 ("Simplify profile_pc on x86-64")

    and a code unification from 2009:

      ef4512882dbe ("x86: time_32/64.c unify profile_pc")

    but the basics of this thing actually goes back to before the git tree.

    Link: https://syzkaller.appspot.com/bug?extid=84fe685c02cd112a2ac3 [1]
    Link: https://lore.kernel.org/all/CAK55_s7Xyq=nh97=K=G1sxueOFrJDAvPOJAL4TPTCAYvmxO9_A@mail.gmail.com/ [2]
    Signed-off-by: Linus Torvalds

 arch/x86/kernel/time.c | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)
accumulated error probability: 0.00
culprit signature: 40e02406ea7c3adb397b2e2d411cfb5d31feac798bb0f17fa37744cbfdb91dbb
parent signature: a96bedf36edb71e1cada98131587430bfb254fceeaacdfb7bea56e14946dc941
revisions tested: 23, total time: 5h28m38.402978281s (build: 1h37m41.04552183s, test: 3h37m20.766701676s)
first good commit: 093d9603b60093a9aaae942db56107f6432a5dca x86: stop playing stack games in profile_pc()
recipients (to): ["linux-kernel@vger.kernel.org" "torvalds@linux-foundation.org"]
recipients (cc): ["bp@alien8.de" "dave.hansen@linux.intel.com" "hpa@zytor.com" "mingo@redhat.com" "tglx@linutronix.de" "x86@kernel.org"]